14 November 2017

Mobile Payment Systems: Disruptive Development and Cyber Risks

Kaya will be hosting the session Mobile Payment Systems: Disruptive Development and Cyber Risks at (ISC)² Secure Summit MENA, between 21st and 22nd November 2017.

Two fundamental shifts in traditional payment methods are changing the landscape of spending. Emerging blockchain-based currencies and alternative payment channels are disrupting time honored cash and credit card-based transaction service providers. Enabling cheap transactions when traditional banking services are expensive is critical for supporting business growth, especially in the developing world, where banking services are not always cheap or available. At the same time, ensuring appropriate privacy, security and confidentiality, as well as the (lack of) disclosure level that customers are demanding, mandates innovation in a very conservative industry.

The race is on! At stake is the 300 USD (present value) global financial market. The winner will reap significant market share and rewards, and will need to successfully balance disclosure with security and integrity with flexibility, while keeping up with both customer needs and a dynamic technical environment.

The existing payment structures (such as credit card, SWIFT and local EFT/Check) are showing their pale underbelly in developing markets, like Kenya, where their inability to penetrate the marketplace and develop a customer base has given alternative payment service providers a huge opportunity. Safaricom’s M-PESA (mobile payment system) has become the countrywide economic backbone. When I last visited there, I asked a colleague to pay for my airport car with M-PESA, because the driver preferred it to banknotes. As the traditional banking system did not penetrate the market, Vodafone was able to create a structure that can charge up to 3% per transaction (risk free money!) to happy customers. Traditional credit card-based payment systems also carry significant infrastructure costs that end up adding up to a 7% cost for each transaction. While presently extremely convenient and easy to use, existing payment structures are open to disruption, due to their high fees.

A completely automated accounting structure, that was both self-contained and distributed to anyone who wished it, could enable significant cost savings over any existing structure that had overhead – like our present credit card-based spending system. Does such a distributed structure exist? Of course! It’s called a peer2peer network. Within this peer2peer network, we would need to keep track of every measure of value that was in our system, and let the other value holders know whenever it was spent and who now owned it. How might we build this distributed, internally consistent and updating database? Blockchain technologies could be the foundation. A distributed ledger node that every stakeholder could keep a copy of would be the starting point. This node could start with a finite number of a single set of value, let’s call it a Kaya. The system would start by selling a finite number of Kayas, and this initial sale would be called an Initial Kaya Offering. Each sale would need to be verified, and this is where things start getting tricky. How can we ensure that each sale is genuine? The only way is for all of the ledger holders to agree to a specific set of circumstances that they will always accept as a valid transaction. Designing a mathematically challenging proof (such as creating a hash of the existing ledger, present transaction and owner with SHA-256 and only accepting a hash that starts with a specific number of zeros) that a Kaya miner would need to complete, in order to both book the transaction and gain a Kaya for itself, could be an adequate Proof of Work (PoW). A completed transaction could then be sent as an update of the PoW to all distributed ledger nodes. This updated blockchain might contain both the previous transaction, as well as the new Kayas’ owner I.D. As time went by and Moore’s Law progressed and enabled faster PoW, we could make the PoW more complex (such as a SHA-256 that started with a greater number of zeros).
As the complexity of the PoW increased, faster CPUs optimized for graphical calculations could enable higher profitability for the enterprises that mined Kaya. More CPUs running concurrently in close proximity might create economies of calculating scale. Size would fuel growth. Production limits and profitability could go as far as the existing physical electrical grid could fuel it. Remote areas that offered both subsidized electricity and a cool operating environment (like Mongolia and Western China) could become competitive globally at mining Kaya. As the size of the distributed ledger and number of concurrent Kaya transactions grew, the updated blockchain could start to bottleneck the system. Ledger node rich regions might have faster update times and drive demand. As more Kaya transactions were completed, they could press for a longer update blockchain that would place remote Kaya miners at a network latency/competitive disadvantage. Conversely, a longer blockchain could enable faster transactions and growth.
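The PoW ledger sketched above, as an added example that is not the post's own code: each block hashes the previous ledger hash, the transaction and the owner with SHA-256, a block is accepted only if its digest starts with the agreed number of zeros, and the difficulty rises from one block to the next. The block layout, the hex-zero difficulty rule and the sample transactions are assumptions made for this illustration. The point for a ledger holder is `verify_chain`: every node re-checks every update, so a tampered transaction is rejected.

```python
import hashlib
import json

# Illustrative "Kaya" ledger. The block layout, difficulty rule and sample
# data are assumptions for this example, not the post's own design.


def block_hash(prev_hash: str, transaction: dict, owner: str, nonce: int) -> str:
    """SHA-256 over the previous ledger hash, the transaction, the owner and a nonce."""
    payload = json.dumps([prev_hash, transaction, owner, nonce], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def meets_difficulty(digest: str, zeros: int) -> bool:
    """The rule every ledger holder agrees on: the digest starts with `zeros` hex zeros."""
    return digest.startswith("0" * zeros)


def mine(prev_hash: str, transaction: dict, owner: str, zeros: int) -> dict:
    """Search nonces until the hash satisfies the PoW rule; returns the booked block."""
    nonce = 0
    while True:
        digest = block_hash(prev_hash, transaction, owner, nonce)
        if meets_difficulty(digest, zeros):
            return {"prev": prev_hash, "tx": transaction, "owner": owner,
                    "nonce": nonce, "difficulty": zeros, "hash": digest}
        nonce += 1


def verify_chain(chain: list) -> bool:
    """What a ledger node re-checks before accepting an update: each block links to
    its predecessor, its hash recomputes from its contents, and it meets the
    difficulty recorded in the block. Any edited transaction breaks the recompute."""
    prev = "0" * 64
    for blk in chain:
        recomputed = block_hash(blk["prev"], blk["tx"], blk["owner"], blk["nonce"])
        if (blk["prev"] != prev or recomputed != blk["hash"]
                or not meets_difficulty(recomputed, blk["difficulty"])):
            return False
        prev = blk["hash"]
    return True


def build_sample_chain() -> list:
    """Constructed sample: an Initial Kaya Offering sale, then a transfer mined
    at a higher difficulty (the "more zeros over time" rule)."""
    genesis = mine("0" * 64, {"from": "IKO", "to": "alice", "kaya": 10}, "alice", 2)
    transfer = mine(genesis["hash"], {"from": "alice", "to": "bob", "kaya": 4}, "bob", 3)
    return [genesis, transfer]
```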

Predicting further growth in blockchain-based monetary systems is hard because of their presently limited capacity. Existing architectures are not scaled to securely carry our world’s financial markets. A good part of the world’s electrical production would be needed to support present blockchain-based structures in processing today’s global transaction load.

Emerging payment methods can enable low cost financial services and will also present new governance, security and availability challenges as they grow.

Creating the next generation blockchain that can both scale and disrupt existing monetary systems will mandate unprecedented governance that is both integrated into its architecture and completely transparent. Counterparties will be able to make each transaction as public or as private as they wish it to be. Is there a need for financial auditors when an organization’s every transaction is completely visible? How can a government tax transactions that they don’t know about and can’t detect? Who decides whether to grow the updated blockchain size?

Which of the stakeholders (such as the node rich regions, remote miners, coders, investors, researchers, government entities) might inspire the consensus needed to move forward?

About the (ISC)² Blog

As the certifying body for more than 125,000 cyber, information, software and infrastructure security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other security professionals and the public at large.

The (ISC)² blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)² website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org